In its blog announcing the paper, Trend Micro stated that “Operation Iron Tiger is a targeted attack campaign discovered to have stolen trillions of bytes of data from defense contractors in the U.S., including stolen emails, intellectual property, and strategic planning documents.” The report further details that targets of Iron Tiger included military defense contractors, intelligence agencies, FBI-based partners, and the U.S. government. The private entities were tech-based government contractors in the electric, aerospace, intelligence, telecommunications, energy, and nuclear engineering industries.

Iron Tiger was observed exfiltrating up to 58GB worth of data from a single target, more than was stolen in the Sony attack. It could have potentially stolen up to terabytes of data in total, Trend Micro reports. It is highly environmentally adaptive and otherwise sophisticated and well organized, potentially merely an arm of a larger, multi-teamed operation with various targets.

China is convincingly Iron Tiger’s home base

The primary situs of China as the operatives’ home base was convincingly evidenced by the facts that the operatives used virtual private network (VPN) servers that only accepted China-based registrants, used Chinese file names and passwords, and operated from China-registered domains, according to the report. Some of Iron Tiger’s actions were also attributed Iron to an individual physically located in China.

SCOTT (すこっと)

Scott (すこっと) is a cyber security, threat intelligence strategist, and technology evangelist working and living in Tokyo. In addition to his day job, Scott is fascinated by the future of computing, the technology industry, privacy, encryption, mobile apps, politics, & Japan. Scott enjoys taking pictures with his iPhone and sharing them freely online, primarily on Instagram.